MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c58f48f203d4c0458672355b29caf31ad7ed5456cda3211eea2606452cf17a8f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Rhadamanthys

Vendor detections: 12

Intelligence 12 IOCs YARA File information Comments

SHA256 hash:	c58f48f203d4c0458672355b29caf31ad7ed5456cda3211eea2606452cf17a8f
SHA3-384 hash:	5fe004271faed8080b4e65caaeae8d61cd681de4bd16cc9a68f6d21310b2e53bad54074f258b906aac849bca1af102b0
SHA1 hash:	b919ea527bbba59756adc477736780f253760b02
MD5 hash:	436664ed605d0d83eef057ecd8af9458
humanhash:	ohio-mockingbird-jersey-oregon
File name:	436664ed605d0d83eef057ecd8af9458.exe
Download:	download sample
Signature	Rhadamanthys Create hunting rule
File size:	415'744 bytes
First seen:	2023-05-09 06:54:34 UTC
Last seen:	2023-05-13 22:42:51 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	e0f7442c9aae17dbc3af11473e831c4e (5 x Rhadamanthys, 2 x Stop, 1 x Smoke Loader)
ssdeep	6144:dh7dSKLUf5sgjpTqXFgSvjniRwVlpyHfZj6E:LdSUUCgJqXKenoC0fl6E
Threatray	337 similar samples on MalwareBazaar
TLSH	T1AF947DD362E17C62E7274A72CE1ED7F4761FF9608F4937EB1218AA2F04701A1C166722
TrID	47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 15.9% (.EXE) Win64 Executable (generic) (10523/12/4) 9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 7.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):
dhash icon	000000c0c0420000 (1 x Rhadamanthys)
Reporter	abuse_ch
Tags:	exe Rhadamanthys

Intelligence

File Origin

# of uploads :

# of downloads :

260

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

436664ed605d0d83eef057ecd8af9458.exe

Verdict:

Malicious activity

Analysis date:

2023-05-09 06:58:45 UTC

Tags:

rhadamanthys

Link:

https://app.any.run/tasks/03b7b7e4-7fc8-47d1-8257-c277118c3ba5

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

Rhadamanthys

Link:

https://www.capesandbox.com/analysis/387702/

Detection(s):

SecuriteInfo.com.Trojan.DownLoader45.41138.3001.13658.UNOFFICIAL

Win.Packed.Trojanx-10001393-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a custom TCP request

Сreating synchronization primitives

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

greyware packed

Link:

https://www.filescan.io/uploads/6459ee4f3b40ceeb9637b524/reports/5c1033d1-f574-415d-b6b9-2d761ca84653/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_100%

Link:

https://www.hybrid-analysis.com/sample/c58f48f203d4c0458672355b29caf31ad7ed5456cda3211eea2606452cf17a8f

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Generic Malware

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/6d932de8-39b2-4788-b7fd-20dd0466d405

Result

Threat name:

RHADAMANTHYS

Detection:

malicious

Classification:

troj.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/1228918

Signature

C2 URLs / IPs found in malware configuration

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Found malware configuration

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Yara detected AntiVM3

Yara detected RHADAMANTHYS Stealer

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/c58f48f203d4c0458672355b29caf31ad7ed5456cda3211eea2606452cf17a8f/

Threat name:

Win32.Spyware.Rhadamanthys

Status:

Malicious

First seen:

2023-05-08 23:48:07 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

29 of 37 (78.38%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ywhur4qd2taelbtsgvnstsxtdll62vcwzwrschxkeydeklhrpkhq._file

Verdict:

malicious

Rhadamanthys

3afa8aa568f26c6dcc9e6b32f376def4d0f54912ca431490e3b6558044fb2368

Rhadamanthys

4532489becbdf07bc0a932486ab95b497113f5600c7646b635eaea9bcfa430cd

Rhadamanthys

543c264b4e3db65f803e6a0fa4c71ac957fcb64a802e2a29dda024b58d0e7aaf

Rhadamanthys

597a4ade5d862166430037813118d0e94d993d87490fed195c0ade3fb6ab3e42

Rhadamanthys

653c12db63dc13521af00bac41d549d599d5705c81b8b8ee40988a4a0924eb22

Rhadamanthys

b562b18a6df7d02dae4a37840084958370bb9a8cd821b7f85d2fd3e0caa662bf

Rhadamanthys

c71c91c8c6cdb4cc17f2777a9078e0863f1e9ec76555043e85286af14fe275d4

Rhadamanthys

c7e1d534ed1a723b3aaecf3a257cf2f1bea5b46fb91b8510d9ae9523a3caf457

Rhadamanthys

ccad7b6f65bf0381e93cabfceeb6e0bc5f838a37112981733b7f719f8d90087e

Rhadamanthys

+ 327 additional samples on MalwareBazaar

Result

Malware family:

rhadamanthys

Score:

10/10

Tags:

family:rhadamanthys stealer

Link:

https://tria.ge/reports/230509-hptapsge8x/

Behaviour

Detect rhadamanthys stealer shellcode

Rhadamanthys

Malware Config

C2 Extraction:

http://179.43.142.201/img/favicon.png

Unpacked files

SH256 hash:

1797d67afc3879e8f47e41f157a56268a4a615f3e9b1e40c0b187a7915ee4107

MD5 hash:

9f086efa5c76a33e52fd2c925de924d3

SHA1 hash:

959399bcdd9e81bdb546f9559514dfad357f1361

Link:

https://www.unpac.me/results/21823b5f-0e8c-47c2-ae7e-cda5991da865/

SH256 hash:

c58f48f203d4c0458672355b29caf31ad7ed5456cda3211eea2606452cf17a8f

MD5 hash:

436664ed605d0d83eef057ecd8af9458

SHA1 hash:

b919ea527bbba59756adc477736780f253760b02

Link:

https://www.unpac.me/results/21823b5f-0e8c-47c2-ae7e-cda5991da865/

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Rhadamanthys

exe c58f48f203d4c0458672355b29caf31ad7ed5456cda3211eea2606452cf17a8f

(this sample)

Cape

https://www.capesandbox.com/analysis/387702/

URLhaus

https://urlhaus.abuse.ch/url/2519959/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample